AWS API Gateway not working with custom domain

5
votes

I've created an expressjs api and hosted in AWS lambda with an api gateway for the same. It is working fine as expected with the url:

https://[api-id].execute-api.[region].amazonaws.com/prod/api/v1/todos

But I want to invoke it using a custom domain and I confgiured it using the custom domain option of the api gateway. I've registered my domain using google domains and I've added the CNAME entry in DNS configuration to map it to the cloudfront target domain name. So far so good.

enter image description here

The api gateway custom domain configuration is as follows with corresponding mappings.

enter image description here

My problem is that I'm getting the message Cannot GET /aprod/api/v1/todos, on invoking with url:

https://apis.mydomain.com/aprod/api/v1/todos

and forbidden on

https://apis.mydomain.com/api/v1/todos

.

My cloudwatch logs is as follows. If I'm not invoking with custom domain it works fine (green block), else no specific message (red block).

enter image description here

I've already spent two weekends on this issue, any help is much appreciated.

2
amazon-web-servicesexpressaws-lambdaaws-api-gatewaygoogle-domains
you used prod/api but it suddenly changed aprod/api is that correct?Lamanus
I added the mapping in the custom domain configuration (second pic).Krishna Mohan
Custom domain configuration looks fine. Try to debug your lambda code to find out the difference.Kane
Cannot GET /aprod/api/v1/todos means the response coming back from express, so it definetly reach the application, just for curiosity try to reach /aprod/aprod/api/v1/todosSándor Bakos
@KrishnaMohan Ah no worries. I was able to come up with a solution. I had to make sure whatever path I set in the API gateway domain I had to include in my routing on the express app. Ex: if you added aprod path mapping for production stage at apis.mydomain.com/aprod In express I have to add include the path in the routing eg. app.post( '/aprod/v1/todos', ...)Hans-Eric Lippke

2 Answers

7
votes

Based on my experience, there are two possible causes.

VPC Link

If your origin server is inside private VPC, it is necessary to create VPC Link and Network Load Balancer (NLB) instead of Application Load Balancer (ALB).

See more detail: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html

Point to API Gateway Endpoint

CNAME should point to the API Gateway endpoint instead of CloudFront. In this case, the value of CNAME should be like this.

https://[api-id].execute-api.[region].amazonaws.com

Otherwise, the access through the custom domain is passed directly to the CloudFront.

(Another Possible Cause) Using A Record

In my case, A record is used to point to the alias of NLB. It is a functionality of Route53 but using A record might be necessary instead of CNAME.

2
votes

The "Cannot GET" error code is not a Lambda or API Gateway error code, and looks specific to Express JS.

The logs you've posted look like lambda logs, and if so then either lambda is getting invoked by something else, or you have successfully invoked your lambda function via the API call using "https://apis.mydomain.com/aprod/api/v1/todos" as user "Sándor Bakos" suggested.

This means that you aren't dealing with a custom domain or API Gateway error, but instead are seeing this error from your Lambda function code. Some quick googling proves that out and I wonder if this SO post will help? Node, Express - CANNOT GET route

For a bit more detail, if you were to invoke an URI in API Gateway that doesn't exist, unless you are successfully using SIGV4(IAM Auth) you will get a 403 with error message "Missing Authentication Token", and even then it would not return a "Cannot GET" error message unless you specifically mapped a gateway response for it.